<?php
/* 
 * Amnesia is Copyright (c) 2010 Mark Russell
 * 
 * Contact: info@amnesia-app.com	
 * 
 * This file is part of Amnesia.
 * 
 * Amnesia is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * Amnesia is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with Amnesia. If not, see <http://www.gnu.org/licenses/>.
 *
 */

include '../../db/db.php';

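/*
 * Returns a single stored item as XML.
 *
 * Request (POST): user_id, cat_id, item_id -- all expected to be numeric ids.
 * Response:       <items><item>...</item></items>, empty <items/> body when
 *                 nothing matches or the request is malformed.
 *
 * $con and showerror() are expected to come from db/db.php (not visible here).
 *
 * NOTE(review): user_id is taken from the request body and nothing in this
 * script checks it against a logged-in session. Unless db.php or a layer in
 * front of this endpoint authenticates the caller, derive the user id from
 * server-side session state rather than trusting the client-supplied value.
 *
 * NOTE(review): ext/mysql (mysql_query and friends) was removed in PHP 7.
 * Moving to mysqli/PDO prepared statements means changing db.php as well, so
 * this block keeps the existing API and validates the inputs strictly instead.
 */

// Array keys are quoted: the bare-word form ($_POST[user_id]) only works
// through PHP's undefined-constant fallback.
$user_id = isset($_POST['user_id']) ? $_POST['user_id'] : '';
$cat_id  = isset($_POST['cat_id'])  ? $_POST['cat_id']  : '';
$item_id = isset($_POST['item_id']) ? $_POST['item_id'] : '';

// The ids are concatenated into the SQL as bare numbers (no surrounding
// quotes). mysql_real_escape_string() only protects values placed inside a
// quoted string literal, so it does not stop injection in that position.
// Accepting nothing but ASCII digits does.
$ids_valid = true;
foreach (array($user_id, $cat_id, $item_id) as $candidate) {
    if (!is_string($candidate) || !preg_match('/^[0-9]+\z/', $candidate)) {
        $ids_valid = false;
        break;
    }
}

// cat_id => table name and the columns emitted (in order) after <id>.
// Every table's id column is "<table>_id", matching the WHERE clauses the
// original per-category queries used. Element names equal column names.
$categories = array(
    1  => array('table' => 'web',           'fields' => array('title', 'username', 'password', 'url', 'notes')),
    2  => array('table' => 'hosted',        'fields' => array('title', 'username', 'password', 'dns1', 'dns2', 'dns3', 'dns4', 'ip', 'notes')),
    3  => array('table' => 'phone',         'fields' => array('title', 'username', 'password', 'notes')),
    4  => array('table' => 'license',       'fields' => array('title', 'serial', 'url', 'notes')),
    5  => array('table' => 'cards',         'fields' => array('title', 'service', 'card_no', 'start', 'end', 'cvn', 'name', 'pin', 'notes')),
    6  => array('table' => 'banking',       'fields' => array('title', 'username', 'password', 'notes')),
    7  => array('table' => 'email',         'fields' => array('title', 'username', 'password', 'server', 'smtp', 'notes')),
    8  => array('table' => 'computer_user', 'fields' => array('title', 'username', 'password', 'platform', 'notes')),
    9  => array('table' => 'hardware',      'fields' => array('title', 'model', 'serial', 'location', 'name', 'tag', 'notes')),
    10 => array('table' => 'certificates',  'fields' => array('title', 'company', 'url', 'email', 'certificate', 'notes')),
    11 => array('table' => 'notes',         'fields' => array('title', 'date', 'updated', 'notes')),
);

// Byte-wise XML escaping; '&' must be replaced first. Works for any
// ASCII-compatible encoding, so it does not depend on the charset question
// noted at the response headers below.
// NOTE(review): assumes values are stored raw. If the save endpoints already
// entity-encode before INSERT, this would double-escape -- confirm.
$xml_search  = array('&', '<', '>', '"', "'");
$xml_replace = array('&amp;', '&lt;', '&gt;', '&quot;', '&apos;');

$xml = "";

// Integer cast keeps inputs such as "01" selecting category 1, as the
// original loose switch comparison did.
$cat_key = $ids_valid ? (int) $cat_id : 0;

if ($ids_valid && isset($categories[$cat_key])) {
    $table     = $categories[$cat_key]['table'];
    $fields    = $categories[$cat_key]['fields'];
    $id_column = $table . '_id';

    // $table and $id_column come only from the hard-coded map above;
    // $user_id and $item_id are digit-only strings at this point.
    $query = "SELECT * FROM `" . $table . "` WHERE `live`=1 && `user_id`=" . $user_id
           . " && `" . $id_column . "`=" . $item_id;

    // Run the query once. The original executed it a second time without the
    // error check and without the connection handle.
    $result = @mysql_query($query, $con);

    if ($result === false) {
        showerror();
    } else {
        while ($row = mysql_fetch_assoc($result)) {
            // <id> is read from the same column the WHERE clause filters on.
            // Categories 6-11 previously read 'cards_id' regardless of table.
            $id_value = isset($row[$id_column]) ? (string) $row[$id_column] : '';

            $xml .= "<item>";
            $xml .= "<id>" . str_replace($xml_search, $xml_replace, $id_value) . "</id>";

            foreach ($fields as $field) {
                $value = isset($row[$field]) ? (string) $row[$field] : '';
                $xml .= "<" . $field . ">"
                      . str_replace($xml_search, $xml_replace, $value)
                      . "</" . $field . ">";
            }

            $xml .= "</item>";
        }
    }
}

// Create the XML and make response
// NOTE(review): the HTTP header announces ISO-8859-1 while the XML declaration
// says UTF-8. Left unchanged because the connection charset is configured
// outside this file -- confirm which one is correct and make the two agree.
header('Content-Type: application/xml; charset=ISO-8859-1');
// The body carries stored passwords, card numbers and PINs in clear text:
// tell intermediaries and the client not to keep a copy. Serve over TLS only.
header('Cache-Control: no-store');
echo "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>";
echo "<items>";
echo $xml;
echo "</items>";

mysql_close($con);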
?>
